Manalyze report for a9ea61c5ae7eab02c63955336a7c7efe

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
Compilation Date	2014-Jun-20 20:41:46
Comments
CompanyName
FileDescription
FileVersion	`1.0.0.0`
InternalName	ShellObjects.dll
LegalCopyright
LegalTrademarks
OriginalFilename	ShellObjects.dll
ProductName
ProductVersion

Plugin Output

Info	Matching compiler(s):	`Microsoft Visual C# v7.0 / Basic .NET` `.NET DLL -> Microsoft`
Suspicious	The PE is possibly packed.	`The PE only has 1 import(s).`
Info	The PE is digitally signed.	`Signer: Intel(R) Wireless Display` `Issuer: Intel External Basic Issuing CA 3B`
Safe	VirusTotal score: 0/68 (Scanned on 2018-10-06 14:22:26)	`All the AVs think this file is safe.`

Hashes

MD5	`a9ea61c5ae7eab02c63955336a7c7efe`
SHA1	`02648633ab3641bea7f5854fe5668b27bb626887`
SHA256	`0bc1b497babfabb4acc34d00cf4ce2db04b0d39adb6029cf7a721ec2b9b55fe3`
SHA3	`b667107a9b673cac24a74cbc2fc3739dcd119407dad0b5de5e9220e4c4421ac5`
SSDeep	`3072:SlWWTp1IfALK5bfHFH/HFHNVQItGXVDB53te88elHgW/:SkAp1If3VQItGXze88AD`
Imports Hash	`dae02f32a21e03ce65412f6e56942daa`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`3`
TimeDateStamp	2014-Jun-20 20:41:46
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_DLL` `IMAGE_FILE_EXECUTABLE_IMAGE`

Image Optional Header

Magic	`PE32`
LinkerVersion	`11.0`
SizeOfCode	`0x22e00`
SizeOfInitializedData	`0x600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00024DAE (Section: .text)`
BaseOfCode	`0x2000`
BaseOfData	`0x26000`
ImageBase	`0x400000`
SectionAlignment	`0x2000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2a000`
SizeOfHeaders	`0x200`
Checksum	`0x2f023`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_CUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_NO_SEH` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`2ce3e969c42c856b61669c900fc654ab`
SHA1	`0103ea8597670c11897beb288f23931f60e9cf1b`
SHA256	`e8158d36900b479f5a3fb81ce358730fad59002520095e12b94b11380a1fc973`
SHA3	`b21ca1e515439eafc6e2ef0991fc6882abcd43ce9ab4e907f9e51c12c937bd95`
VirtualSize	`0x22db4`
VirtualAddress	`0x2000`
SizeOfRawData	`0x22e00`
PointerToRawData	`0x200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.12565`

.rsrc

MD5	`1c554b6389847c1cff4c86151bf4dd49`
SHA1	`29029299e0e0a99825cfb312f068fa230aa68e6d`
SHA256	`e9b92ce22d0ad6823d7e2ff69ce4432bcc1434088dd88a38fb93d7d14f1ce12f`
SHA3	`1d9cde09f7a150c2ead5d32a8e165df0ef39bde1973b9b858a9a6235c99dd34a`
VirtualSize	`0x300`
VirtualAddress	`0x26000`
SizeOfRawData	`0x400`
PointerToRawData	`0x23000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.46068`

.reloc

MD5	`c0366ac30b631c877263f9f8a969fbe4`
SHA1	`875c3e062ce52673d2423a86efb4276f986fc49d`
SHA256	`c73175bf681dfb0500f7f7231ad1857e4afb2e0c0190ee10e82744645b5fcf47`
SHA3	`e8220e3c0d30ba5b3d90b9c4bdbc5627de03c7a849ed480aa163a5f7709bbd97`
VirtualSize	`0xc`
VirtualAddress	`0x28000`
SizeOfRawData	`0x200`
PointerToRawData	`0x23400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.10191`

Imports

mscoree.dll	`_CorDllMain`

Delayed Imports

1

Type	`RT_VERSION`
Language	UNKNOWN
Codepage	UNKNOWN
Size	`0x2a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.21745`
MD5	`7a762b155b9298cc989140ec7269d29a`
SHA1	`3c697c23dea8ca9660cea2f0b018b0ef16b623a1`
SHA256	`23790fd6b746cff2a06a1e7c6a7b60c5ba080e3a9052b85bf202621f65534f74`
SHA3	`cdc59e2a1bc1481c4fb8de3b2536482956dbc66d9d4dfb62fbea379019c3a4ed`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.0
ProductVersion	0.0.0.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_DLL`
Language	UNKNOWN
Comments
CompanyName
FileDescription
FileVersion (#2)	1.0.0.0
InternalName	ShellObjects.dll
LegalCopyright
LegalTrademarks
OriginalFilename	ShellObjects.dll
ProductName
ProductVersion (#2)

Resource LangID	UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

a9ea61c5ae7eab02c63955336a7c7efe

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rsrc

.reloc

Imports

Delayed Imports

1

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors